/*
 * SoapUI, Copyright (C) 2004-2017 SmartBear Software
 *
 * Licensed under the EUPL, Version 1.1 or - as soon as they will be approved by the European Commission - subsequent 
 * versions of the EUPL (the "Licence"); 
 * You may not use this work except in compliance with the Licence. 
 * You may obtain a copy of the Licence at: 
 * 
 * http://ec.europa.eu/idabc/eupl 
 * 
 * Unless required by applicable law or agreed to in writing, software distributed under the Licence is 
 * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 
 * express or implied. See the Licence for the specific language governing permissions and limitations 
 * under the Licence. 
 */

package com.eviware.soapui.impl.wsdl.support.wss.crypto;

import com.eviware.soapui.SoapUI;
import com.eviware.soapui.config.KeyMaterialCryptoConfig;
import com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem;
import com.eviware.soapui.impl.wsdl.support.ExternalDependency;
import com.eviware.soapui.impl.wsdl.support.PathPropertyExternalDependency;
import com.eviware.soapui.impl.wsdl.support.wss.DefaultWssContainer;
import com.eviware.soapui.impl.wsdl.support.wss.WssContainer;
import com.eviware.soapui.impl.wsdl.support.wss.WssCrypto;
import com.eviware.soapui.impl.wsdl.teststeps.BeanPathPropertySupport;
import com.eviware.soapui.support.StringUtils;
import com.eviware.soapui.support.UISupport;
import com.eviware.soapui.support.resolver.ResolveContext;
import com.google.common.io.Files;
import org.apache.commons.ssl.KeyStoreBuilder;
import org.apache.commons.ssl.ProbablyBadPasswordException;
import org.apache.commons.ssl.Util;
import org.apache.log4j.Logger;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.util.Loader;

import javax.annotation.Nonnull;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Properties;

public class KeyMaterialWssCrypto implements WssCrypto {
    private static final String JCEKS_KEYSTORE_TYPE = "jceks";
    private static final String JCEKS_FILE_EXTENSION = "jck";

    private static final String PKCS12_KEYSTORE_TYPE = "pkcs12";
    private static final String PKCS12_FILE_EXTENSION = "pk12";

    private KeyMaterialCryptoConfig config;
    private final WssContainer container;
    private KeyStore keyStore;
    private BeanPathPropertySupport sourceProperty;

    private static final Logger log = Logger.getLogger(KeyMaterialWssCrypto.class);

    public KeyMaterialWssCrypto(KeyMaterialCryptoConfig config2, WssContainer container, String source,
                                String password, CryptoType type) {
        this(config2, container);
        setSource(source);
        setPassword(password);
        this.setType(type);
    }

    public KeyMaterialWssCrypto(KeyMaterialCryptoConfig cryptoConfig, WssContainer container2) {
        config = cryptoConfig;
        container = container2;

        sourceProperty = new BeanPathPropertySupport((AbstractWsdlModelItem<?>) container.getModelItem(), config,
                "source") {
            @Override
            protected void notifyUpdate(String value, String old) {
                getWssContainer().fireCryptoUpdated(KeyMaterialWssCrypto.this);
            }
        };
    }

    public Merlin getCrypto() {
        try {
            Properties properties = new Properties();

            properties.put("org.apache.ws.security.crypto.merlin.keystore.provider", "this");

            if (getType() == CryptoType.TRUSTSTORE) {
                properties.put("org.apache.ws.security.crypto.merlin.truststore.file", sourceProperty.expand());
            } else {
                properties.put("org.apache.ws.security.crypto.merlin.keystore.file", sourceProperty.expand());
                if (StringUtils.hasContent(getDefaultAlias())) {
                    properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", getDefaultAlias());
                }
            }

            KeyMaterialCrypto keyMaterialCrypto = new KeyMaterialCrypto(properties);
            return keyMaterialCrypto;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    public String getLabel() {
        String source = getSource();

        int ix = source.lastIndexOf(File.separatorChar);
        if (ix == -1) {
            ix = source.lastIndexOf('/');
        }

        if (ix != -1) {
            source = source.substring(ix + 1);
        }

        return source;
    }

    public String getSource() {
        return sourceProperty.expand();
    }

    public void udpateConfig(KeyMaterialCryptoConfig config) {
        this.config = config;
        sourceProperty.setConfig(config);
    }

    public void setSource(String source) {
        sourceProperty.set(source, true);
        keyStore = null;
    }

    /*
     * This loads the keystore / truststore file
     */
    // FIXME Why is this method called like times in a row?
    public KeyStore load() throws Exception {
        if (keyStore != null) {
            return keyStore;
        }

        try {
            UISupport.setHourglassCursor();

            String crypotFilePath = sourceProperty.expand();
            String fileExtension = Files.getFileExtension(crypotFilePath);
            String keystoreType = fileExtensionToKeystoreType(fileExtension);

            ClassLoader loader = Loader.getClassLoader(KeyMaterialWssCrypto.class);
            InputStream input = Merlin.loadInputStream(loader, crypotFilePath);
            keyStore = KeyStore.getInstance(keystoreType);

            char[] password = null;

            if (!StringUtils.isNullOrEmpty(getPassword())) {
                password = getPassword().toCharArray();
            }

            keyStore.load(input, password);

            return keyStore;
        } catch (Exception exceptionFromNormalLoad) {
            log.warn("Using fallback method to load keystore/truststore due to: " + exceptionFromNormalLoad.getMessage());
            try {
                keyStore = fallbackLoad();
                return keyStore;
            } catch (Exception exceptionFromFallbackLoad) {
                keyStore = null;
                SoapUI.logError(exceptionFromFallbackLoad, "Could not load keystore/truststore");
                throw new Exception(exceptionFromFallbackLoad);
            }
        } finally {
            UISupport.resetCursor();
        }
    }

    @Nonnull
    private String fileExtensionToKeystoreType(String fileExtension) {
        if (fileExtension.equals(PKCS12_FILE_EXTENSION)) {
            return PKCS12_KEYSTORE_TYPE;
        } else if (fileExtension.equals(JCEKS_FILE_EXTENSION)) {
            return JCEKS_KEYSTORE_TYPE;
        } else {
            return KeyStore.getDefaultType();
        }
    }

    /*
     * This is the less preferred way to loading cryptos, but is used for
     * backwards compability.
     */
    @javax.annotation.Nullable
    @Deprecated
    private KeyStore fallbackLoad() throws IOException, CertificateException, KeyStoreException,
            NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, ProbablyBadPasswordException,
            UnrecoverableKeyException, FileNotFoundException {
        KeyStore fallbackKeystore = null;
        if (StringUtils.hasContent(getDefaultAlias()) && StringUtils.hasContent(getAliasPassword())) {
            fallbackKeystore = KeyStoreBuilder.build(
                    Util.streamToBytes(new FileInputStream(sourceProperty.expand())), getDefaultAlias().getBytes(),
                    getPassword().toCharArray(), getAliasPassword().toCharArray());
        } else {
            fallbackKeystore = KeyStoreBuilder.build(
                    Util.streamToBytes(new FileInputStream(sourceProperty.expand())),
                    StringUtils.hasContent(getPassword()) ? getPassword().toCharArray() : null);
        }
        return fallbackKeystore;
    }

    public String getStatus() {
        try {
            if (StringUtils.hasContent(getSource())) {
                load();
                return "OK";
            } else {
                return "<unavailable>";
            }
        } catch (Exception e) {
            // FIXME We should also log the error if it weren't for all repedious calls to this method.
            return "<error: " + e.getMessage() + ">";
        }
    }

    public String getPassword() {
        return config.getPassword();
    }

    public String getAliasPassword() {
        return config.getAliasPassword();
    }

    public String getDefaultAlias() {
        return config.getDefaultAlias();
    }

    public void setAliasPassword(String arg0) {
        config.setAliasPassword(arg0);
    }

    public void setDefaultAlias(String arg0) {
        config.setDefaultAlias(arg0);
    }

    public void setPassword(String arg0) {
        config.setPassword(arg0);
        keyStore = null;
        getWssContainer().fireCryptoUpdated(this);
    }

    public String toString() {
        return getLabel();
    }

    public DefaultWssContainer getWssContainer() {
        return (DefaultWssContainer) container;
    }

    private class KeyMaterialCrypto extends Merlin {
        private KeyMaterialCrypto(Properties properties) throws CredentialException, IOException {
            super(properties);
        }

        @Override
        public KeyStore load(InputStream input, String storepass, String provider, String type)
                throws CredentialException {
            if ("this".equals(provider)) {
                try {
                    return KeyMaterialWssCrypto.this.load();
                } catch (Exception e) {
                    throw new CredentialException(0, null, e);
                }
            } else {
                return super.load(input, storepass, provider, type);
            }
        }

        @Override
        public String getCryptoProvider() {
            return config.getCryptoProvider();
        }
    }

    public String getCryptoProvider() {
        return config.getCryptoProvider();
    }

    public void setCryptoProvider(String provider) {
        config.setCryptoProvider(provider);
        keyStore = null;
        getWssContainer().fireCryptoUpdated(this);
    }

    @Override
    public CryptoType getType() {
        String typeConfig = config.getType();

        // Default to Keystore if type is not saved in configuration
        if (typeConfig == null) {
            typeConfig = CryptoType.KEYSTORE.name();
        }
        CryptoType type = CryptoType.valueOf(typeConfig);
        return type;
    }

    public void setType(@Nonnull CryptoType type) {
        config.setType(type.name());
    }

    public void resolve(ResolveContext<?> context) {
        sourceProperty.resolveFile(context, "Missing keystore/certificate file");
    }

    public void addExternalDependency(List<ExternalDependency> dependencies) {
        dependencies.add(new PathPropertyExternalDependency(sourceProperty));
    }
}
